Arcjet has launched Guards, a security library that runs protection rules inside AI agent tool handlers, queue consumers, and workflow steps — places where traditional WAFs and HTTP proxies have no visibility. Guards addresses three key threats in agentic systems: prompt injection from fetched web content, runaway token spend from looping agents, and PII leakage to third-party LLMs. Unlike perimeter-based security tools, Guards integrates directly into application code as composable building blocks, giving enforcement access to full application context (user identity, session state, token budgets). It supports TypeScript and Python, and pairs with an Arcjet MCP server and CLI so AI coding agents can configure and monitor security without leaving the editor.